Wpscanteam

**Name of the Vulnerable Software and Affected Versions** Premium Addons for Elementor versions up to, and including, 4.5.1 Premium Addons for Elementor versions prior to 2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c **Description** The issue is due to missing capability and nonce checks in the `pa dismiss admin notice` AJAX action, making it possible for authenticated subscriber+ attackers to change arbitrary options with a restricted value of 1 on vulnerable WordPress sites. This is a high-severity vulnerability that impacts multiple versions of the plugin. Users are urged to update to the latest version immediately to mitigate risks. **Recommendations** For versions up to, and including, 4.5.1: Update to the latest version immediately to secure your site. For versions prior to 2e5b3608-1dfc-468f-b3ae-12ce7c25ee6c: Update to the latest version to safeguard your site. As a temporary workaround, consider disabling the `pa dismiss admin notice` AJAX action until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ask me WordPress theme versions prior to 6.8.2 **Description** The issue allows an attacker to trick logged-in users into performing various actions on their behalf on the site due to the lack of CSRF checks for AJAX actions. **Recommendations** For versions prior to 6.8.2, update to version 6.8.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** External Links in New Window / New Tab WordPress plugin versions prior to 1.43 **Description** The issue concerns the improper escaping of URLs concatenated to onclick event handlers, making Stored Cross-Site Scripting attacks possible. **Recommendations** For versions prior to 1.43, update to version 1.43 or later to resolve the issue. As a temporary workaround, consider disabling the use of onclick event handlers in the External Links in New Window / New Tab WordPress plugin until a patch is available.